Satellite server in remote environment monitoring

Today we will talk about one of the most versatile elements that Pandora FMS Enterprise offers us for monitoring distributed environments, the Satellite server. It will allow you to monitor different networks remotely, without the need to have connectivity directly from the monitoring environment with the computers that make it up. We will describe the typical case of companies that have central headquarters and remote offices, the different things we may find and how the satellite server can help us deploy efficient monitoring in an economic, fast and simple way.

Standard monitoring types

Before getting into the description of the case, let’s remember how monitoring works overall with Pandora FMS. There are two basic types of monitoring, local monitoring and remote monitoring.

The first, which we call local, consists of installing a small software on your devices (servers, mobiles, workstations, etc.) which we call monitoring agent. Agents are in charge of collecting the metrics locally on the machine, packaging them and sending them to the server. In this type of monitoring, communication goes from the agent (monitored device) to the server in a defined time interval, so the server does not have to interrogate the device, it just has an open port through which information is received, and any device that can reach that port will be able to send its data, so communication is “simple”, you just need to make sure that your monitoring server is exposed to all of your agents.

The second form of monitoring is what we call remote monitoring. Remote monitoring means that the monitoring server interrogates the agent to monitor through some protocol (icmp, tcp, snmp, http, wmi, etc). This could go from a simple ping to connecting to the api of a complex tool, such as vsphere, to retrieve information from all virtual machines, esx and datastores running in this environment and their corresponding metrics.

This type of monitoring opens the doors to being able to retrieve large amounts of data requiring little configuration and without the need to install any extra software on the devices, which is wonderful, but it also entails other inconveniences, such as having to guarantee connectivity from the monitoring server to each of the elements to be monitored, taking into account the security criteria to open these communications.

When you have a single headquarters of any size, this is not usually a problem, since you might usually have your devices and applications concentrated in the same place and communications management between environments is usually easier, this situation becomes complicated when you have more than one headquarters or small remote offices.

Description of a distributed environment

Let’s picture a distributed architecture with a headquarters where you have most of your applications and IT equipment, but you also have smaller sites that also have their equipment and applications. We have examples of this infrastructure, highly distributed, in environments like restaurant franchises, supermarkets, banks, retail stores, pharmacies, insurance companies, etc. Where they usually have powerful, well-managed data centers at headquarters, but remote sites lack the space or staff to maintain servers. Most of the time, there are not even permanent technical support staff for the equipment in these locations, so implementing monitoring can be challenging.

If some technology is implemented such as a site-to-site vpn, a sd-wan or dedicated communication between your sites, there is hardly any problem, you may have your monitoring environment at your headquarters and from there “attack” your remote devices. Well, the problem is that these solutions are expensive and require implementation and management, and if they are not already implemented, their implementation can become very complicated (and expensive). It is in these cases where the satellite server becomes essential, since it combines the versatility of remote monitoring with the communication behavior of local monitoring.

Using the Satellite Server

The Satellite Server consists of software that will be in charge of doing the remote checks on your network. Let’s say that in our restaurant, for example, it will do network scans, monitor each of the restaurant’s devices through different protocols, store these data and then pack them and send them to the main Pandora FMS server as if it were a local agent, so the headquarters/remote headquarters communication is simplified. You just have to make sure that a single device, the Satellite Server, can communicate with Pandora FMS server, in that sense from the remote headquarters to the main headquarters to send the data packets. Remote checks will always be done from within the local network without the need to expose any of the services, devices or applications of your remote headquarters.

Even if you want to make use of hybrid monitoring (local and remote monitoring) in your remote headquarters, you may install software agents on your devices and point them to our satellite so that it becomes the single delivery point between your remote headquarters and your headquarters.

In addition, the Satellite Server has remote configuration, so once deployed, it can be managed and configured from your main monitoring environment, being able to add new metrics, alert systems, policies and more configurations without having to access your remote headquarters, all from your Pandora FMS web console at your headquarters.

Regarding its deployment, the Satellite Server is a very light software especially compared to a full Pandora FMS installation, so the hardware requirements for monitoring remote sites are really low, it can even be deployed in a Raspberry Pi, which is a very cheap and compact device, or failing that, you may use any of the resources that are already deployed at the headquarters, such as a data server, to deploy your Satellite.

As you can see, monitoring remote sites using the satellite server simplifies a huge deal the configuration necessary for monitoring, helping you save money and implementation time that without a tool like this would be a lot higher and more complex.

Today we discussed only one of the typical cases, which is one of the most common ones, to describe the performance and the usefulness of a satellite server, but it is not only valid for remote locations, it is useful in many other ways, such as load balancing, making checks at the same point from different locations (very useful in monitoring web pages) or even for monitoring complex environments such as Kubernetes or Openshift, where many of the services are not exposed to the outside, such as databases or backend services, and that you could monitor if you deployed a pod with the satellite within the network and directly attacking these services, for example.

We give you 21 computer security tips for beginners

The Internet is a tool that, without a doubt, offers a great amount of positive aspects in the daily life of our society, like instant communication, easy access to information… among many other benefits. But also it has negative aspects, and one of the big ones is cyberattacks. That is why we give you today 21 computer security tips for beginners!

Although these attacks are usually aimed at companies, governments, celebrities and in general, targets with important information or involving great monetary value, common people and their domestic devices are not completely free from this problem. And you may think, “ok, but how are they going to attack me, a common person, with no fame and no money?”. Well, regardless of how little you may have, there is always going to be someone who may want to try to take it away, so we suggest you to try to protect yourself as much as possible in this “cyberworld.”

And to make it easier for you, we are going to give you twenty-one computer security tips to protect you against possible malicious cyberattacks:

1. Do not share personal information on social networks. Such as your address, phone, ID… Oddly enough, there are people who do it…

2. Free WiFi? It may sound good, but it could be a trap. It is not advisable to access websites using “sensitive” data on public networks.

3. Passwords. Yes, we know that we’re very lazy to change them every once in a while and that it is very easy to set the same for all of your accounts so that you remember it quickly. But think about this, if they manage to enter your Facebook account, where else can they get into with the same password?

4. Sharing is living? It depends on what, and since passwords are something very personal and sensitive, you shouldn’t share them with anyone other than you, not even your alter ego.

5. And speaking of passwords, do you still have the default password that came with your router? I think it’s about time you update it.

6. Beware of mails. Have you received an email from your bank about an unauthorized change in your account and it asks you to enter your credentials? Very suspicious… If in doubt, contact your bank by phone before rushing! Look carefully at the sender, hover over the URL and check which website the link redirects you to, check if they refer to you by name or by “Dear customer”. In addition, most of them tend to have spelling errors. In general, we suggest you to exercise caution with everything that reaches your mailbox.

If you want to know more about the topic, you can search for “phishing” in your browser.

7. Giveaways you didn’t participate in. There are an unlimited number of scams on the Internet, and you’ve probably come across more than one “You’re our 1000th visitor and you’ve won an iPhone!” Well, it’s clear that this is a scam, and in case you weren’t quite sure, we’re here to confirm it.

8. Recommendation for gamers. Although it is very “cool” to have at your disposal all the games on the market without paying a dime, you should do a little research into the reliability of that succulent pirated gaming website before downloading and installing anything on your computer just because.

9. This one for the not so “gamers” The same thing that we have discussed above applies to the rest of “things” on the Internet. That is, applications, programs, movies…

10. And since we mention programs… Keep your software up to date, or at least, don’t delay too long updating to the latest version developed by developers, as they always tend to add features, bug fixes and, most importantly, security patches.

11. Clean up!. And I don’t mean cleaning your house or your room, I mean your computer. Every program, application or game you have installed is a possible security breach, so consider uninstalling everything you don’t use. And by the way, empty the recycle bin, man!

12. Online shopping. Whenever you go to buy something online make sure that the website has a security certificate, known as HTTPS. You’ll recognize it by the “little lock” to the left of the URL. You can also use payment methods such as PayPal before entering your bank details to make the payment.

13. The Firewall. It is an indispensable element in terms of security for your computer, since it is the one that is responsible for rejecting all connections that are not allowed in its parameters.

14. Antivirus. Another element, although less essential but always recommended, is to have an antivirus. In Windows 10, Microsoft Defender is installed by default, which is a good remedy to fight against most malicious programs, although if you go for some other of your liking, the important thing is to always keep it active.

15. Alexa, what time is it? Lately it is quite trendy to have a smart device at home but… do you know that every device connected to the internet is “hackable”? With this we’re not telling you to buy one, we only advise you to ponder over the pros and cons well, and whether you are going to risk a possible espionage by means of “Alexa, tell me a joke”.

16. Espionage? You never know who or what may have infiltrated your computer, so if you are somewhat skeptical, you can cover up your webcam and mute or unplug the microphone so that no one can see or hear you.

17. The“guardian angel”. Well, he’s not really a guardian angel, but he’s been with us everywhere for a few years. You know what we mean, right? Indeed, the mobile phone, or as it is known lately “SmartPhone”. Some think that these devices are immune to attacks… but we are sorry to tell you that they are not. Therefore, you must take the same precaution, in this case with messages and calls from strangers that seem suspicious, and of course with unofficial applications, the famous “apks”.

18. “Backups”. Hasn’t it happened to you that your hard drive (or your entire computer) broke down and you lost the photos of the summer of 2006 that you spent in San Diego that you had so much appreciation for? A quick and easy way to avoid this is to create a backup, both of the entire disk or of the photos themselves, or whatever you want to save on another disk as a precaution. Also that way you can prevent certain types of viruses that destroy everything in their way from affecting you.

19. Every precaution is little. If you want to make sure that nothing happens on a network while you are not present, you can disconnect from the network, or directly turn off your router, for example at night, thus making sure that no one can attack you and thus have a “good sleep”.

20. Browsers. The Internet is riddled with web pages that track and monitor your activity and store information about us. Therefore, it is convenient to have a browser that allows you to block or manage as much as possible both the trackers and the well-known “cookies”.

21. VPNs. If you are looking to have privacy on the Internet, you can try using a trusted VPN, which is the closest thing you are going to have to “real” privacy in the “cyber world”.

And with that we finish off our round of advice! We hope that they will be of great help to you in raising the security level of your devices, and in general, of your home network.

Satellite server in remote environment monitoring

Today we will talk about one of the most versatile elements that Pandora FMS Enterprise offers us for monitoring distributed environments, the Satellite server. It will allow you to monitor different networks remotely, without the need to have connectivity directly from the monitoring environment with the computers that make it up. We will describe the typical case of companies that have central headquarters and remote offices, the different things we may find and how the satellite server can help us deploy efficient monitoring in an economic, fast and simple way.

Standard monitoring types

Before getting into the description of the case, let’s remember how monitoring works overall with Pandora FMS. There are two basic types of monitoring, local monitoring and remote monitoring.

The first, which we call local, consists of installing a small software on your devices (servers, mobiles, workstations, etc.) which we call monitoring agent. Agents are in charge of collecting the metrics locally on the machine, packaging them and sending them to the server. In this type of monitoring, communication goes from the agent (monitored device) to the server in a defined time interval, so the server does not have to interrogate the device, it just has an open port through which information is received, and any device that can reach that port will be able to send its data, so communication is “simple”, you just need to make sure that your monitoring server is exposed to all of your agents.

The second form of monitoring is what we call remote monitoring. Remote monitoring means that the monitoring server interrogates the agent to monitor through some protocol (icmp, tcp, snmp, http, wmi, etc). This could go from a simple ping to connecting to the api of a complex tool, such as vsphere, to retrieve information from all virtual machines, esx and datastores running in this environment and their corresponding metrics.

This type of monitoring opens the doors to being able to retrieve large amounts of data requiring little configuration and without the need to install any extra software on the devices, which is wonderful, but it also entails other inconveniences, such as having to guarantee connectivity from the monitoring server to each of the elements to be monitored, taking into account the security criteria to open these communications.

When you have a single headquarters of any size, this is not usually a problem, since you might usually have your devices and applications concentrated in the same place and communications management between environments is usually easier, this situation becomes complicated when you have more than one headquarters or small remote offices.

Description of a distributed environment

Let’s picture a distributed architecture with a headquarters where you have most of your applications and IT equipment, but you also have smaller sites that also have their equipment and applications. We have examples of this infrastructure, highly distributed, in environments like restaurant franchises, supermarkets, banks, retail stores, pharmacies, insurance companies, etc. Where they usually have powerful, well-managed data centers at headquarters, but remote sites lack the space or staff to maintain servers. Most of the time, there are not even permanent technical support staff for the equipment in these locations, so implementing monitoring can be challenging.

If some technology is implemented such as a site-to-site vpn, a sd-wan or dedicated communication between your sites, there is hardly any problem, you may have your monitoring environment at your headquarters and from there “attack” your remote devices. Well, the problem is that these solutions are expensive and require implementation and management, and if they are not already implemented, their implementation can become very complicated (and expensive). It is in these cases where the satellite server becomes essential, since it combines the versatility of remote monitoring with the communication behavior of local monitoring.

Using the Satellite Server

The Satellite Server consists of software that will be in charge of doing the remote checks on your network. Let’s say that in our restaurant, for example, it will do network scans, monitor each of the restaurant’s devices through different protocols, store these data and then pack them and send them to the main Pandora FMS server as if it were a local agent, so the headquarters/remote headquarters communication is simplified. You just have to make sure that a single device, the Satellite Server, can communicate with Pandora FMS server, in that sense from the remote headquarters to the main headquarters to send the data packets. Remote checks will always be done from within the local network without the need to expose any of the services, devices or applications of your remote headquarters.

Even if you want to make use of hybrid monitoring (local and remote monitoring) in your remote headquarters, you may install software agents on your devices and point them to our satellite so that it becomes the single delivery point between your remote headquarters and your headquarters.

In addition, the Satellite Server has remote configuration, so once deployed, it can be managed and configured from your main monitoring environment, being able to add new metrics, alert systems, policies and more configurations without having to access your remote headquarters, all from your Pandora FMS web console at your headquarters.

Regarding its deployment, the Satellite Server is a very light software especially compared to a full Pandora FMS installation, so the hardware requirements for monitoring remote sites are really low, it can even be deployed in a Raspberry Pi, which is a very cheap and compact device, or failing that, you may use any of the resources that are already deployed at the headquarters, such as a data server, to deploy your Satellite.

As you can see, monitoring remote sites using the satellite server simplifies a huge deal the configuration necessary for monitoring, helping you save money and implementation time that without a tool like this would be a lot higher and more complex.

Today we discussed only one of the typical cases, which is one of the most common ones, to describe the performance and the usefulness of a satellite server, but it is not only valid for remote locations, it is useful in many other ways, such as load balancing, making checks at the same point from different locations (very useful in monitoring web pages) or even for monitoring complex environments such as Kubernetes or Openshift, where many of the services are not exposed to the outside, such as databases or backend services, and that you could monitor if you deployed a pod with the satellite within the network and directly attacking these services, for example.

If you want to learn more about the Satellite Server feature, how to install and configure it, or want to find out more Pandora FMS specific features, stay tuned to our blog and do not hesitate to visit our youtube channel, where you may find tutorials, workshops and a lot of content devoted to this and many other topics related to monitoring.

Advanced tasks: user experience monitoring

In the last century we had very primitive computers and now, at the dawn of a new millennium are we the users who have become primitive !? Want to learn more? Let’s get to know User Experience Monitoring

My first computer, in 1987, was a laptop with a monochrome LCD screen and 16 kilobytes of program memory. They were 15,584 precious bytes and they were read and executed very quickly. When I started to study engineering, it was the turn for that noble artifact to perform approximate integrals and, bam! This is where user experience comes in, when the professor asked me to compare his final result with that of the computer.

Sometimes, depending on the complexity of the formula and the iterations requested, the teacher would finish before the computer. That is why I had to choose those parameters well before starting the calculation, just based on estimation. A decade later, GNU/Linux already existed, the Internet boom began (which has not stopped to this day) and we began to connect by applications that allow us to have a terminal window and thus leave workload calculation to servers dedicated to it.

The experienced user

What we were clear about was that computing power was needed. Decades had gone by where it was delegated to remote terminals and/or dumb terminals and the entire workload was done on a “supercomputer.” Sir Tim Berners-Lee created, de facto, HTML and web pages were like static board ads, changing from time to time. Something called Common Gateway Interface (CGI) was invented to allow them some dynamism. This is how we began to worry about the time it took to solve calculations and results and then present them in a web page template.

Databases evolved: I used MS Access® for small applications and for everything else dBase® and Clipper®. Then Visual Fox Pro® came, with which I was able to handle tens of millions of records on a personal computer.

It was inevitable that databases would pass by without impacting our lives. Later, in this century, PHP language was responsible not only for creating web pages, their HTML code, but we could also custom generate, in several versions, according to different parameters, connecting directly to databases and retrieving data for users in real time.

Brief retrospective

By the beginning of this century, Pandora FMS was born (in 2004, to be precise) and the checking and loading time of a web page, its HTML component, is part of what I consider primitive monitoring. It even has some advanced components, such as text search on the web page or simple login, like the POST type, to take the time it takes to return a result, among other Modules.For Pandora FMS, each measure is called a Module, which are grouped by Agents.

Meanwhile, desktop applications, now known as on premise, were also evolving. In said applications, all their binary code relies on the device where they are executed, and the data is either obtained from a local file or is connected to a database to obtain and edit information, more useful and widely used. They are also known as native applications of each operating system in particular.

Pandora FMS can do remote database checks and we can add operations that a user would generally do. For example, ask for the last seven days of sales, -if the database is online- how long it takes to return this result: if it takes X amount of seconds or more, return a warning on the screen or an alert by mail, SMS, and so on. This gives you a rough idea of the state and operation of a system, but it is not yet user experience monitoring.

Complex applications

As the computing power in servers has always been higher than in our homes or offices, the ingenuity of application programming interface, better known as API, was realized. An API is a set of functions, procedures, and subroutines that provides a “library” to be used by other software. Pandora FMS and many applications have this way of allowing third parties to develop their own interfaces to perform predefined tasks: create a new article in the database? Publish a price list? These tasks are candidates to be performed through an API.

But we are approaching user experience monitoring: if the application created by a third party goes slowly, where is the bottleneck?, in the application?, on the server?, in the communication of the server? Are there other causes for this delay?

Another detail to take into account is our human factor: I have personally had to be told that an application I have made “is going slow”. I took the source code, I changed the background color of the forms, I compiled, installed and received a variety of different responses: what got better, what got worse, etc. That is what is called qualitative reporting, but without figures or facts to support it.

Pandora FMS has real cases of experience monitoring where they reported quantitatively how and when process delays were detected. Thus we are already reaching the present, the applications that we use the most at the time of writing these lines.

Web applications

You can see how the Internet has changed the way we work to reach something that is practically ubiquitous today: web applications. Through a web browser, users are identified and everything is done online, whether the web application connects directly or, through API, to one or more databases.

They have the advantage of being able to quickly change forms for users, but it opens up other problems such as workload sharing between multiple servers and redundancy in data storage. For all this, Pandora FMS has excellent tools, and we can even add our own, that’s how flexible it is!

Said web applications can also be delegated to third parties, and if this is the case, Pandora FMS can monitor the service level agreements (Service Level Agreement or SLA): these scenarios are really complex and they may even need to include user experience monitoring.

Primitive Users

Thus, we have reached the great concern of our times: Is our computer powerful enough to run our favorite web browser? Because, actually, the vast majority only run a web browser and there they read their email, communicate through social networks, carry out their remote work during the pandemic, access their bank accounts, publish on their blog, keep spreadsheets online for different subjects…There are even dozens of tabs open, each one consuming processor and memory cycles by the web browser.

We have become rudimentary and elementary, even our web browser updates automatically. We can acquire a new computer and in a short time have everything working again as we had it since it is completely based on the web browser. I even have Mozilla Firefox and Google Chrome accounts that sync with my other devices like mobile phones and e-book readers: they offer this service to keep everything centralized.

With Pandora FMS and its Software Agent (small application installed in each device and that monitors locally) we can quickly know if these web browsers represent a very large workload for the device, as well as inventory of the software and hardware from all of them.

Have we been monitoring enough with this brief retrospective that I told you? This is where user experience monitoring comes in.

Experience monitoring

User experience monitoring is like simulating being a user who executes predefined monitoring tasks and whose results are carefully measured, saved and sent to the corresponding Pandora FMS server.

It was invented for all this that I explained you, both web applications and desktop applications.

To be honest, I’m not the first to write on this blog about user experience monitoring:

For web applications, Pandora Web Robot (PWR).
For desktop applications on MS Windows®: Pandora Desktop Robot (PDR).

Essentially, and in both cases, it is about moving and clicking with the mouse and/or pressing the keyboard for each of the application options to be monitored. If you want to know the details in depth, you should undoubtedly click on each of these two articles after finishing your reading here, since there is not much left to finish off.

Progressive web applications

Of course the world is constantly changing. Now web browsers, through the support of each operating system, offer progressive web applications that blur the boundaries between web applications and desktop applications.

They base their technology on HTML, CSS and JavaScript (which works as PHP but on the client side), which is no surprise to us who are used to web applications. The difference is that it uses background processes that are responsible for intercepting our requests to the domain where the web system server resides, but go further using the cache of the web browser. They do not need installation as we know it (if the user consents to its use) and can even make use of their own local databases such as SQLite, for example.

Here monitoring is somewhat complicated, since these progressive applications are capable of working offline with previously saved data: it will be a matter of programming requests with content of random values to avoid this behavior. We can also refine and target our Software Agents to refine our monitoring task. But all of that is enough material for another article.

Before finishing, remember Pandora FMS is a flexible monitoring software, capable of monitoring devices, infrastructures, applications, services and business processes.

Do you know what Productivity porn is? We tell you everything you need to know!

“Have we gone crazy yet?”, this is a question that comes to mind very often these days. Indeed speed and excess is what characterizes the present time we live in. Constant and pressing stimuli that lead to viral videos, fake news and extravagant coach appointments that lead nowhere. Vanity and emptiness are for sale, even when it comes to productivity tips. “Do you know Productivity porn?”, this is another question, not as conventional but as relevant as the previous one, at least if you have fallen into its disturbing clutches.

To this day, we know that if you have managed to get to work, already a milestone, you will do so for an average of at least 90,000 hours in your life. That’s about ten years of consecutive work. Discouraging but true. So it is normal that, aware of the subject, you try to make the most of the time you spend at work. However, our desire for it has gone so far and in such a macabre way that, as always, it has ended up taking its toll on us. That harmful addiction to productivity, productivity, productivity and productivity at work has been renamed “Productivity porn”. A more stale and abominable “porn” than the “porn” we are used to.

Some obvious characteristics and signs of the so-called Productivity porn:

1. Productivity porn is often noted for its unrealistic demands, “If you want to achieve maximum productivity, get up at 5 in the morning and check out your entire mailbox, social networks and what the commercial postman brought before 6″ “Do you only have one planner? Go get several! In paperback as well as digital and online and fill them in with a succession of hours and perfectly delimited work blocks so that there is total evidence of the 15 minutes and 40 seconds of the rest for beer and tacos that you deserve once a week.”. Because Productivity porn is like that, consider that you are an indefatigable robot, perfectly designed to advance in your work and in your life or die in the exhausting attempt.
2. Even less realistic results. One can fan that flame: “Do not be yourself, be the best version of yourself, be the TOP of yourself, Leonardo Da Vinci and Cristiano Ronaldo, together, of yourself.”. But what Productivity porn does is try to capture and brainwash you into being a completely different person than you really are. Changing your personality so that it is replaced by a computer program, and also promises you that this transformation will take place from one day to the next. Like the diets of the telemarketing.
3.  There is always a guru. Perhaps this is the greatest of the signs that Productivity porn presents. A god among men, who floats above them radiating a halo of light and who expresses with all his being an aura of “Admire me, I know the way (for everything) in this life”. Many times you will recognize him for appearing in the ads of your favorite videos on YouTube, others for his pedantic demagogy. In any case, his physical and psychological attractiveness is one of the greatest assets of Productivity porn.

It is very true that, as experts in the field, they will have achieved results sometimes, but it is very naive on our part, and misleading on their part, to believe that there is a definitive recipe, that if it is followed carefully, it could work miracles, to turn any of us into a profitable machine and harvester of successes, with the results that we hope to achieve at our feet in the blink of an eye.

If you’ve ever come across any of these striking features, you’ve likely been in front of the toxic tóxico Productivity porn. I’m sure right now you would know how to identify it among other realistic and evidence-based productivity strategies. Cool, it is important to be aware that applying Productivity porn can be harmful.

But why do we fall prey to Productivity porn?

If it smells rancid a mile away, why the hell are these unrealistic productivity plans so appealing to us? I already told you, Productivity porn points directly to our little heart, to that part that likes to have illusions.

And it is that positive thinking is usually synonymous with productivity, but fantasizing and constantly having our heads in the clouds, with our unlikely desires, takes us out of the most palpable and decisive reality. We plunge into a whirlwind of fantasy, based on dreams instead of facts, and we end up setting goals that, at first, can never be achieved. Bad things for true productivity.

And, surely, Productivity porn and its presumptuous and unreal routines do not help. Both planning, and reading excessively on how to plan, is an obvious sign of procrastination, also typical of Productivity porn, which takes us away from what we really should be doing: focus and work on our purposes.

We need more confidence and performance and less to have the false sense of work that planning too far in advance and in the long term gives us.

Spending the afternoon watching videos on YouTube about how this diet is going to get rid of that belly is much more comfortable than going down to the street immediately to exercise. ¡Focus!

Product tips of the day

We have already seen what it is and why we fall into this nervous breakdown that is Productivity porn, now we better see some tips about real productivity. Something that helps you move forward and focus, but not like a locomotive with an inexhaustible battery, rather like a capable and persevering being who wants to make their day to day something useful.

1. Accept your limitations.. The sooner you stop thinking of yourself as a Superman who endures and can do everything, the better. Consider yourself a Batman, he also has bad days and also gets tired of battling the Joker. Do not take your work home with you, do not corrupt your family life, love life, friendships or hobbies with it. You will come back with more enthusiasm if you leave your work apart from your private life.
2. Avoid spending the day looking for tips and secret formulas to save time in your life or in your work, and guess what, you will save precious time in your life and in your work.
3.  If you install a new productivity strategy in your routine, give it time to work. It needs that, perseverance, diligence and discipline to master it. Do not go crazy because at the very beginning you have not achieved a world productivity record, give yourself time.
4.  When you know that something works, keep it and do not change it, at least without prior analysis, by another type of strategy that you have been promised works better. Go at your own pace and if it works, don’t mess it up. Better productivity in hand than two in the bush.

Do you already know what a web firewall is? Let us tell you about it.

There’s something that humans and machines have in common, and no, it’s not the disappointment suffered by the final season of Game of Thrones, or, well, at least not only that. What we have in common is that we need protection. You know, animals need it too, and plants, but if you’ve gotten this far, it seems that you’re interested in computers, networks and all these pretty modern “geek” things, so today we’ll talk about that kind of protection.

Just as you would protect your dog, your ficus or yourself, you have to protect your computer. The world is a place full of dangers and risks and the Internet is not far behind. It’s like in Crystal Jungle, only instead of people carrying guns around, we’ll find hunched over users willing to collect information from your computer, networks, and troll you in any possible way.

Remember: “The night is dark and harbors errors”. And horrors too.

The Internet also hosts them, so to protect our beloved computer, we must make use of a “Web Firewall”. What is this “Web Firewall”?

A “Web Firewall” is a system that is intended to protect our private network and block unauthorized access or attacks from other networks. In turn, it allows incoming and outgoing traffic between computers on the same network. That is, it is like the door of your house, or, worth the analogy, a half-open blind that only lets in a specific amount of breeze according to your personal comfort.

But not only that, it can be our beloved ally, protector of what we love the most, since through configurations you may limit, encrypt or decrypt this traffic. Here’s another lucid analogy: Maybe, in your day to day, you have to go to a clandestine meeting whose members no one should know. It is similar with your computer, you may encrypt your traffic so that you cannot access the most relevant data.

The web firewall, capable of such feats, can be implemented in hardware or software. If it’s well configured, it will be an advantage when it comes to protecting your networks, so it’s vitally important to understand how it works and how you may get the most out of it.

How does a web firewall work?

Outline of a firewall on a computer network

It is usually located at the junction point between two networks. Each network or computer can have its own firewall. This can limit the consequences of an attack, as you can prevent damage from spreading from one network to another. The sooner the spread of evil is tackled, the better.

The essential thing that you must know for the operation of the web firewall is that the totality of information and traffic that goes through our router and that is transmitted between networks is analyzed by it. If the traffic complies with the rules you have configured for it, it can enter or leave your network. If the traffic does not meet those certain rules, then it will be blocked from reaching its destination.

There are several methods by which you may filter the traffic of the firewall, for example, configuring it as you please. Remember that a good firewall configuration is paramount. If the lock on your front door was badly designed and anyone could open it, bad people could get in and steal, this is the same thing.

Let’s take a look at some of the filtering methods we’ve been provided by our dear friend, the Web Firewall.

Traffic filtering methods

• Firewall policies: They allow you to block certain types of network traffic.
• Anti-spam firewall: It protects against spam, phishing, etc.
• Antivirus firewall: It protects the internal network against attacks that come from the Internet or wan.
• Content filtering: It allows you to block some types of web content.
• WAP Managed Service: It allows you to control wap devices.
• DPI services: It allows you to control specific applications.

There are a few types of firewalls to highlight, these can be software or hardware, and, if we investigate a little more, we will find others that are somewhat more defined.

Types of web firewall

• Gateway application level: It applies security mechanisms for specific applications.
• Gateway level circuit: It applies security mechanisms when a tcp or udp connection is established.
• Packet filtering: At network level as an IP packet filter.
• Personal: It is installed as software on your computer.

Using a firewall has lots of advantages. We already discussed some, with lots of examples and tremendous analogies, even so, we are going to list the most obvious ones:

Advantages of using a firewall

• It blocks access to computers and/or applications to our networks.
• It allows you to control and restrict communications between the parties under your settings.
• It optimizes communication between internal network elements, helping to reconfigure security settings.
• It establishes reliable perimeters.
• Protection of intrusions and private information.

Nothing is perfect, and web firewalls, despite their fiery name, well, they aren’t either. These also have some notable limitations:

Limitations of a web firewall

• It cannot protect itself from attacks whose traffic does not go through it.
• It cannot protect threats made by insider attacks or negligent users.
• It does not protect against service security flaws and protocols whose traffic is allowed.
• It cannot protect against attacks on the internal network through files or software.

There are many firewall systems, if we use Linux, the one commonly used is Iptables. Yes, it sounds weird, we don’t like weird sounding things and since we don’t like weird things we use the firewall… Hmm… before entering a self-destructive paradox, we will try to understand what this“Iptables” is through a simple explanation.

What is Iptables?

Linux has a firewall system included in its kernel called Iptables, although its configuration can be a bit complex. Its default configuration is to allow everything to enter and exit.

With a suitable Iptables configuration you will be able to filter which packages, data or information you want to enter and which ones you do not. Just like the previous example about the inputs.

To work with Iptables you need administrative permissions so you will have to use sudo. You will have to choose wisely what you let in and what not, and, for this, an adequate knowledge of the commands that you can use in this system is necessary. The following examples are only intended to teach a basic configuration to understand the logic of the web firewall, but for a more correct and complex configuration, I recommend adding information by searching the Internet, specialized books or colleagues in the world.

Some commands to understand Iptables

sudo iptables -P INPUT DROP

-P = Anyone who wants to access the computer
INPUT = We ignore it
DROP = We ignore it

With this command nobody will be able to enter your computer, in fact you neither… so it is not the most appropriate one.

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

The first line tells us that our own computer (lo = localhost) can do whatever it wants.

Before, we said that this was like a house, if we have siblings, parents or children and they leave, we want them to be able to get in again, right? Well that’s what we do with the second line, all the connections that come out of our computer will be allowed by Iptables.

sudo iptables -A INPUT -p tcp –dport 80 -j ACCEPT

With this command, anyone can see the websites that our computer has.

-j ACCEPT = Accept or allow
-dport 80 = Traffic to port 80
-p tcp = make it tcp
-A INPUT = that is incoming

These would be some basic examples of how Iptables works. That is, just to understand the basics of its operation. Like I said, I recommend digging deeper and diving into more information to make an acceptable setup.

And just like Game of Thrones ended, this article also does it, although much better (what a crappy last season), so I only have to say goodbye and wish you to have a good day. AH! And to recommend you to use Pandora FMS, which despite not being a web firewall, is a tool that will also help you protect yourself by collecting information.

Would you like to find out more about what Pandora FMS can offer you? Find out clicking here . If you have to monitor more than 100 devices, you can also enjoy a FREE 30-day Pandora FMS Enterprise TRIAL. Installation in Cloud or On-Premise, you choose !! Get it here .

Last but not least, remember that if you have a reduced number of devices to monitor, you can use the Pandora FMS OpenSource version. Find more information here .

Do not hesitate to send your inquiries. The great team behind Pandora FMS will be happy to assist you! And if you want to keep up with all our news and you like IT, release and, of course, monitoring, we are waiting for you in this our blog and in our different social networks, from Linkedin to Twitter through the unforgettable Facebook . We even have a YouTube channel , and with the best storytellers. Ah well, we also have a new Instagram channel ! Follow our account, we still have a long way to go to match that of Billie Eilish.

How to destroy the world. Is it possible to take down the internet?

We have been warning for a long time: Pandora FMS will control the world. We have given time to world governments to prepare, to North American villagers to prepare their bunker, for sects to draw their banners with “THE END IS NEAR”. And it is, it is indeed. Today, in our blog we reveal the secret plans of this company to overthrow the institutions and rule the world, then you will say that we did not warn you. Get ready, run to hide, children and gentle pets first, because the time has come: Is it possible to take down the internet?

That is the key to everything: Is it possible to take down the internet? For years, in the underground facilities of our offices, scattered across all continents, Pandora FMS has secretly worked to create an evil robot with an evil appearance that will execute even more evil plans. Its super intelligence, unattainable for any other desktop on the market, will help us take what belongs to us from this wasteland called earth and make it ours.

That is why today, on our blog (soon the only existing one) we have the exquisite pleasure to introduce you to Pandorinator RDM (Radical Destructive Mindset), the superior and ominous AI created by our company to help us in the work of crowning ourselves as the sovereigns of the world.

“Damn! Is it possible to take down the Internet, Pandorinator?! “

Pandora FMS: Good afternoon and welcome, Pandorinator.
Pandorinator RDM: Good afternoon everyone! Thank you for inviting me to this talk/colloquium at the end of the world.

Was it hard to get here with that alloy of platinum and gold that you have as armor?

Not at all. I have to get used to moving in it, otherwise one becomes paralyzed and does not come out of its hidden lair. In addition, it is a pleasure to wear it. Touch it, touch it! Don’t be shy! and watch it shine! Nor the roar of a thousand yellow suns at 12 noon radiating with their flames in summer equals it.

Let’s get to the point, Pandora FMS has always wanted to take control of the world, in fact that is why we created you, to advise us. With that said, Pandorinator, what do you recommend?

Well, a global pandemic, which is pretty trendy right now, confronting two great powers such as China and the USA, or, look, even easier, to take down the Internet.

Damn it! Is it possible to take down the Internet, Pandorinator?!

Of course it is, and I say that as an Artificial Intelligence expert on the subject of generating chaos. You only need to know inside out the critical infrastructure elements that make the Internet work.

What are these possible attack vectors?

Look, do you have a notebook there or something? Take note:

• Specific services (web, mail, etc)

Through distributed service denial attacks, it is possible to “take down” services such as websites, applications and others. There are mechanisms to protect against these attacks (such as CDN) and today there are dozens of attacks of this kind daily, massive, but they are quickly mitigated and usually affect specific services (a company’s website) or the Internet as a whole. They often work like an extortion attack (either you pay or we take down your app). Thug life.

• CDN

Basically they are large cache systems for publishing content, which allow Internet traffic to go smoothly. Without them, it would be much more expensive and slow to access all kinds of content, from images to text. All major media use CDNs.

The failure of a CDN can cause partial Internet blindness, cutting off access to large media simultaneously as it happened with the failure of Fastly in June 2021. There are many other CDNs and if they failed, that would mean the blackout of hundreds of thousands of websites of all kinds. The failure of a CDN only causes temporary problems (minutes/hours) in any case.

• Domain Name System (DNS)

DNS is one of the most critical parts of the global Internet infrastructure. The downfall of all the world’s root DNS, as we know it, would truly spell chaos. There are 13 root (main) DNS servers spread across the world. They are hosted by organizations such as NASA, Verisign, the University of Maryland, or the US Army Research Laboratory. To sum it up… tough guys.

If the 13 nodes fail, although there are hundreds of thousands of secondary replicas around the world, it would be necessary to coordinate the recovery, which would lead to partial chaos all over the network. This has never happened precisely because of the security measures and the original design. But that’s what Pandora FMS and I are here for, right?

• Cloud (Amazon, Azure)

Due to the intense concentration of many online services in public clouds such as Amazon or Azure, if one of them fails, that would mean all types of services not working anymore immediately. BOOM! Both AWS and Azure have different geographies to distribute the impact, but in the event of a physical destruction of one of their large data centers, the impact would be significant. Some premium services include automatic geographic high availability, but not all services can afford it. If the AWS data center in Ireland were destroyed by fire, tens of thousands of services would be affected for a long time.

Something similar, but on a smaller scale, happened when part of the data center of OVH, one of the largest European MSPs, got burned. Thousands of customers could not continue operating and lost data, since the backup in a different physical location was an optional service.

• Connectivity

I know what you have in mind. A simple mind like yours might think that the simple cut of a submarine cable could blind an entire country, but the truth is that the Internet was originally designed to avoid such situations. The Internet has millions of interconnections that can be reordered automatically in case of failure of one of them to redirect traffic through the connections that are still operational.

• Worms and Malware

A worm is a malware that is exponentially infected through the network and that can cause a collapse due to its massive use to try to replicate itself. In 1988, still at the dawn of the Internet, when technology and security were not yet very advanced, the Morris worm almost completely collapsed the Internet. Today a worm could collapse geographic sections of the Internet (such as a region) for a short time, but coordinating a massive attack is really complex to carry out without a large organization. Although, well, we could try…

It’s incredible everything you have in that quantum stubborn head we made for you, but I’m running out of pages to take note, Pandorinator RDM, could you give us any conclusions on how it is possible to bring down the Internet?

My, my, thanks for the compliment, Creator. I’ll give you your succinct conclusion: The Internet is designed for failure, so that we can lose services, but never leave the network inoperative at all. It is designed to be resilient and survive nuclear catastrophes that physically volatilize part of its infrastructure. The Internet is capable of regenerating its basic infrastructure (the routes that interconnect the nodes that make up the network) and the services that operate on them have their own ways of protecting and rebuilding themselves.

The only way we have to “turn off” the Internet is through a massive electromagnetic pulse that affects the entire planet or a massive Solar Storm. In both cases, the Internet crash would be the least of our problems.

And, listen, do you have a way to generate one of those massive electromagnetic pulses?

Me? Pay more attention! Who do you think you’re talking to? OF COURSE I HAVE! Right under this compartment, see? Even in the form of a red button.

Let’s see, let’s see…

How long will the planet as we know it last? Will Pandora FMS and Pandorinator RDM finally carry out their plans for world domination? You just have to stay tuned with our blog, our social media, and if Wi-Fi reaches you, because as the most cautious sect smokers announce: “THE END IS NEAR”.

PowerShell 101: an alternative to command line on Linux and Mac

The Command Line Interface (CLI) in Windows® exists and resists the passage of time, from those distant days of MS-DOS® to the current PowerShell 101. Let’s see the basic PowerShell.

When I went to college in the 1980s, proprietary software reigned. The old German computers with Unix® that printed our schedules were being replaced by “modern” personal computers. The Microsoft® software house – at that time – was tied to MS-DOS®, so we learned to use the commands: dir, cls, format for our floppy disks…

A little over a decade ago, back in Redmond they decided to dust off, modernize and empower the CLI. Born as Monad®, renamed PowerShell®, today we present you with the basic PowerShell or PowerShell 101.

Description: Basic Powershell – Logo
(Wikipedia https://commons.wikimedia.org/wiki/File:PowerShell_5.0_icon.png)

Basic PowerShell

The Linux operating system has been going on strong; there are many articles in Pandora FMS blog about it. Also in the monitoring of proprietary systems we are always present; Windows®, as its maximum exponent. And every time a new version comes out we’re there, testing and checking.

I think, because of this Linux thing, Microsoft decided to make a compilation of tools along with new concepts, as a counterpart to the GNU features that come with Linux. Considering that PowerShell Core exists since 2016 as open software (MIT license) but with Windows® proprietary components, now we have it available in Ubuntu, CentOS (the OS recommended for Pandora FMS) and macOS and even in another hardware architecture such as ARM.

Installing PowerShell Core at Linux

In Ubuntu we must install the package manager snap: with sudo apt install snap we will achieve our mission. Next we’ll run snap install powershell -classic

Description: snap install powershell – classic

First commands

Having launched with the command pwsh (in Windows® we should look for powershell.exe), we will have a terminal window, with “PS” of indicative (prompt) followed by the location of the directory. In both environments the aspect is very similar, so we will generalize from now on.

Then let’s put our memory into practice:

• cls: “clears” the screen, leaving space to execute a new cycle of commands. It’s not necessary at all, but it’s similar to writing with chalk on a blackboard and erasing to begin to explain another subject.
• dir -ad: to list directories only.
• echo message: when we want to show specific text on the screen. This doesn’t seem to be useful, but when we integrate it in a script it is of tremendous utility to indicate the progress of some task or the result of the same one.

We won’t delay any longer with the old MS-DOS commands. In the twenty-first century, we would need to continue using such old technology, and in the process with those old programs that communicated or interacted with text strings (STDIN, STDOUT).

Basic Command-let in PowerShell 101

In the 21st century everything is more complex, they are years of accumulated experience. PowerShell 101 is not a simple tool like the one we use in Linux. For this tool there are command-let and its name is abbreviated as cmdlet. This means that the commands we tested are not really the ones we thought they were: they are aliases of the default cmdlet and this allows backward compatibility. Now, there’s more. Let’s analyse the case of the command date, used to remunerate the date.

Its real name is Get-Date and although it returns in a slightly different format the current date and time to that of the alias, basically both do the same thing. For monitoring tasks we need to deliver that value in a very specific format: this is when the cmdlets do their job in a totally different way.

Description: «Working with cmdlet with date and time variables»

With the cmdlet Get-Date we can:

• Display the date of the computer.
• Display it in a custom format.
• Use methods; in this case we visualize what day number is the date May 20, 2019 (it is the 140th day of the year).
• Save a date variable in a custom format.
• Convert this variable to a text string and save it in a file.
• Notice that we have used the pipe to communicate one cmdlet with another. The cmdlet you receive used to write to disk is called Add-Content. (Don’t you remember Linux?).
• The reading counterpart is Get-Content and its alias is called… “cat”, just like the one used in Linux to list the contents of a text file!

Take a pause, check this before moving on to the next point.

Working with cmdlet

With all this as a base, we can stop thinking of basic Powershell as a tool and start evoking it as a toolbox. To do this we will use the Get-Command command:

Using it without any parameter will give us back a lot of tools; the ones we have installed in our computer.

If we inquire about a particular command, for example Get-Command Get-Date will return information about the command type, name, version and source (the library it belongs to). For Get-Date it will indicate that it is a cmdlet belonging to Microsoft.PowerShell.Utility and for Clear-Host (clear screen, cls) that it is simply a function. Entering an alias will return the original cmdlet or function.

If we don’t remember the name exactly we’ll use wildcards; for example, with Get-Command *date* we’ll get a list of all the commands that contain that string.

Help with basic Powershell

The help was also thought as a repository, since with the Get-Help command we can also download content to our computer:

• Get-Help Get-Date: will show complete information about how to use Get-Date, its syntax, its aliases, etc.
• Get-Help Get-Date -Online: will open an instance of our web browser and open the latest online information about the Get-Date command.
  To work offline, i.e. to save the updated help: Update-Help.

Using Get-Help, let’s learn about the commands Get-Location and Set-Location.

Let’s suppose we have to create a folder or a file; for this we will no longer use the command md or mkdir (the latter is written exactly the same in Linux) but we will use the New-Item command:

New-Item “path/name” -type directory

New-item Command.

“path/name” of the directory; quotation marks are required when interspersed.

Parameter -type and then what we have installed as provider: File, Directory, SymbolicLink, Junction or HardLink

Now let’s talk about providers: we can download the providers we need or we can create our own providers and associate them to the command. My imagination flies: we develop a program that acts as an FTP client and we offer it as a provider so we can sell it to anyone to integrate it into their PowerShell… but wait, there is more. If we do this in turn -if our license allows it- our client can add our FTP program as a library to their own projects. What do you think?

Note: PowerShell is also able to work via API and even security analysts have created their own PowerShell environments, some mixed with Python language… who don’t even need Microsoft executable files!

Pandora FMS and monitoring tasks

Pandora FMS flexibility allows us to use PowerShell to quickly access complex commands. For example, in Windows environment we need to know which patches are installed:

Get-CimInstance -ClassName Win32_QuickFixEngineering -ComputerName

We will be able to visualize the components with the Get-Member command, extract the contents and make our complement in Pandora FMS for PowerShell!

What’s new in Pandora FMS latest release, Pandora FMS 755

Let’s check out together the features and improvements related to this new Pandora FMS release: Pandora FMS 756.

NEW FEATURES AND IMPROVEMENTS

Added new widget: Odometer for visual consoles

A new odometer widget has been added. It will have two types of operations, one if it is a percentage value and the other if it is an absolute value, where its maximum and minimum values will be taken as reference for its calculation.

New automatic adjustment option in visual consoles

A new option has been added so that when you add a visual console in full screen mode, its width automatically adjusts.

Mass operations on Service elements

The ability to mass create/edit/delete items has been added in Services in both Nodes and Metaconsole.

Inside the Metaconsole, the following have been added:

• Wizard within services to be able to add/edit/delete several service elements at once.
• Service list option for mass creating and deleting services.

Within Nodes, service mass creation and deletion has been implemented from mass operations, as well as the ability to add/edit/delete several service elements at once.

Metaconsole centralized mode: Command Center

In this version, we introduce a new Metaconsole component, the Command Center, which allows working in a unified way in nodes, in a much more agile and fail-safe way. Any changes to the system configuration will be propagated to the nodes automatically.

New Alert server

A new server has been added to Pandora FMS. The alert server will be in charge of processing and sending all the alerts, thus being able to free threads from the rest of the servers so as not to overload data processing while the alerts are launched in environments with many alerts. This server is optional and if it is not activated, the alerts continue to work as before.